UnitedHealth Group has disclosed that it paid a ransom to cyber criminals following a February cyberattack on its subsidiary Change Healthcare. This decision was made in an effort to protect the sensitive patient data that was compromised during the incident.
Despite the ransom payment, significant amounts of personal and protected health information were stolen, impacting a vast number of individuals across the U.S. This breach has led to widespread disruption within the healthcare sector, affecting services ranging from filling prescriptions to processing financial transactions for medical providers.
The cyberattack targeted Change Healthcare, which processes insurance and billing information for a multitude of U.S. healthcare facilities and handles substantial amounts of health data—reportedly for about half of all Americans.
The company confirmed that the attackers had accessed files containing both protected health information and personally identifiable information. The severity of the breach is highlighted by the fact that more than 15 billion transactions a year pass through Change Healthcare’s systems, and one in every three patient records in the U.S. could potentially be affected.
Following the breach, 22 screenshots of the compromised files were uploaded to the dark web, although UnitedHealth stated that no further data has been published online and there is no evidence to suggest that full medical histories or doctors’ charts were accessed.
Immediate Measures and Support
In response to the incident, UnitedHealth has initiated several measures to support affected individuals. These include setting up a dedicated website and a call center offering free identity theft protection and credit monitoring services for two years. However, the call center is currently unable to provide specific details regarding the impact on individual data due to the ongoing investigation and complexity of the data review.
The company’s immediate response to the cyberattack involved working closely with law enforcement and engaging multiple leading cybersecurity firms to manage the aftermath and prevent further unauthorized disclosure of data.
New Threats from RansomHub
Despite these efforts, a new hacking group known as RansomHub has emerged, claiming responsibility for publishing parts of the stolen data on the dark web and threatening to sell the information unless a second ransom is paid.
This group has distinguished itself from ALPHV, a Russia-based criminal gang that initially breached Change Healthcare’s systems using stolen credentials. ALPHV had previously extracted a $22 million ransom from the health tech giant in March before disappearing.
The breach began on February 21 and has had profound and enduring impacts on the U.S. healthcare system. It caused extensive outages at pharmacies and hospitals, leading to delays in verifying patient benefits, dispensing medications, organizing inpatient care, and processing necessary authorizations for surgeries. These disruptions have put significant financial pressure on healthcare providers and contributed to growing backlogs and prolonged outages.
The financial toll on UnitedHealth has been substantial, with losses reported to exceed $870 million. However, the company has performed better than expected financially, reporting $99.8 billion in revenue for the first three months of the year.
UnitedHealth’s CEO Andrew Witty, who was compensated nearly $21 million in 2022, is scheduled to testify before House lawmakers on May 1 regarding the incident and the company’s handling of the situation.